From: Tanguy LE CARROUR
To: Ludovic Courtès, Philip McGrath
Cc: guix-devel@gnu.org
Subject: Re: Finding a “good” OpenPGP key server
Date: Mon, 02 May 2022 09:21:43 +0200
Message-ID: <165147610382.2266.1877773176182189615@localhost>
In-Reply-To: <38fcdec1-290a-4d7b-3736-bb6947525c2e@philipmcgrath.com>

Hi Philip,

Quoting Philip McGrath (2022-04-29 21:11:41)
> On 4/18/22 16:24, Ludovic Courtès wrote:
> > Hi,
> >
> > Tanguy LE CARROUR wrote:
> >
> >> gpgv: Signature made Wed 16 Sep 2020 22:30:16 CEST
> >> gpgv: using RSA key 6115012DEA3026F62A98A556D6B570842F7E7F8D
> >> gpgv: Can't check signature: No public key
> >> Would you like to add this key to keyring '/home/tanguy/.config/guix/upstream/trustedkeys.kbx'?
> >> yes
> >> gpg: keyserver receive failed: No data
> >
> > This indicates that ‘guix refresh’ failed to download the relevant GPG
> > key from the default key server, the one that appears in
> > ~/.gnupg/dirmngr.conf (if it exists).
> >
> > That’s unfortunately often the case these days.
> > :-/ This key appears to
> > be on keys.openpgp.org, but it lacks a “user ID” packet and so gpg
> > ignores it (for no good reason):
> >
> > --8<---------------cut here---------------start------------->8---
> > $ gpg --no-default-keyring --keyring /home/ludo/.config/guix/upstream/trustedkeys.kbx --keyserver keys.openpgp.org --recv-keys 6115012DEA3026F62A98A556D6B570842F7E7F8D
> > gpg: key D6B570842F7E7F8D: no user ID
> > gpg: Total number processed: 1
> > $ gpg --no-default-keyring --keyring /home/ludo/.config/guix/upstream/trustedkeys.kbx --list-keys 6115012DEA3026F62A98A556D6B570842F7E7F8D
> > gpg: error reading key: No public key
> > --8<---------------cut here---------------end--------------->8---
> >
> > I’m not sure what a good solution is (other than looking for the key
> > manually on Savannah or on some random key server).
> >
>
> Many distributions of GnuPG include a patch to handle keys without “user
> ID” packets.[1] In fact, it may well be *most* distributions: Debian,
> Fedora, Nix, OpenSUSE[2], and at least one commonly-recommended
> installation option for Mac. Debian packagers have argued [3]:
>
> > I think GnuPG's inability to receive these
> > kinds of cryptographic updates to OpenPGP certificates that it knows
> > about is at core a security risk (it makes it more likely that users
> > will use a revoked key; or will be unable to use any key at all, and
> > will send plaintext).
>
> Unfortunately, the upstream GnuPG maintainer has rejected the patch, I
> guess because strict conformance to the OpenPGP standards requires user
> ids.[4]
>
> I am by no means an expert on PGP or GPG issues, but I'd be in favor of
> Guix adopting this patch.
>
> -Philip
>
> [1]: https://keys.openpgp.org/about/faq#older-gnupg
> [2]: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2
> [3]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930665#10
> [4]: https://dev.gnupg.org/T4393#133689

Oh… thank you so much for your answer! Looks like the proper way to go!

I'll try to update the GnuPG package definition to integrate one or several
of those patches.
Or maybe we should first figure out if this is the right thing to do?!
Guix, thoughts!?

Regards,

-- 
Tanguy